<?php include("includes/header.php"); ?>

<style>
/* Page-local styles for the password reset / new password forms. */

/* Let whatever sits behind the page wrapper show through. */
#page_container {
  background-color: transparent;
}

/* Outer box: fixed 500px width, centred, rounded top corners only. */
#reset_container {
  width: 500px;
  margin: 100px auto;
  border: 1px solid #5f0808;
  border-top-left-radius: 5px;
  border-top-right-radius: 5px;
}

/* Title bar spanning the box; radius is 1px smaller than the container's. */
#reset_form_title {
  width: 100%;
  height: 25px;
  text-align: center;
  background-color: #5f0808;
  border-top-left-radius: 4px;
  border-top-right-radius: 4px;
}

/* Heading inside the title bar: light text, no default spacing. */
#reset_form_title h3 {
  margin: 0;
  padding: 0;
  color: #f9f9f9;
}

/* The form itself: narrow column centred inside the box. */
#reset_form {
  width: 200px;
  margin: 20px auto;
}

/* Footer links (Login | Create Account). */
#reset_form_footer {
  text-align: center;
  margin-top: 20px;
  margin-bottom: 20px;
}

#reset_form_footer a {
  color: #5f0808;
}
</style>

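<?php
/*
 * Password reset page, two modes selected by the request:
 *
 *   GET  ?code=...&email=...  -> check the code against User.passreset and,
 *                                on a match, show the "New Password" form
 *                                (which posts to password_reset.php).
 *   otherwise                 -> show the "Password Reset" request form and,
 *                                on POST, issue a code and mail the link.
 *
 * $dbc is the mysqli connection. It is not defined in this file
 * (presumably set up by includes/header.php; confirm).
 *
 * Every value taken from the request is bound as a statement parameter and
 * HTML-escaped before it is echoed; nothing from $_GET/$_POST is
 * interpolated into SQL or markup.
 */
if(isset($_GET['code'])){
	// Accept plain strings only; array-style parameters (email[]=x) count as missing.
	$get_email = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';
	$get_code  = is_string($_GET['code']) ? $_GET['code'] : '';

	// Initialised up front so an unknown address cannot leave these undefined.
	$db_code  = null;
	$db_email = null;

	$stmt = mysqli_prepare($dbc, "SELECT email, passreset FROM User WHERE email = ?");
	if($stmt){
		mysqli_stmt_bind_param($stmt, 's', $get_email);
		if(mysqli_stmt_execute($stmt)){
			mysqli_stmt_bind_result($stmt, $row_email, $row_code);
			// As before, the last matching row wins if several rows match.
			while(mysqli_stmt_fetch($stmt)){
				$db_email = $row_email;
				$db_code  = $row_code;
			}
		}
		mysqli_stmt_close($stmt);
	}

	// Codes issued further down are integers in 1000000..100000000, i.e. 7-9
	// digits. Anything else (empty string, "0", an unset/default column value)
	// can never be a code this page issued, so it is rejected before comparing.
	$code_well_formed = preg_match('/\A[0-9]{7,9}\z/', $get_code) === 1;

	// Constant-time, type-strict comparison instead of loose ==.
	$code_ok = $code_well_formed
		&& $db_code !== null
		&& hash_equals((string)$db_code, $get_code);

	if($db_email !== null && $get_email === $db_email && $code_ok){
		// Both values land inside single-quoted attributes, hence ENT_QUOTES.
		$action_attr = htmlspecialchars('password_reset.php?code=' . rawurlencode($get_code), ENT_QUOTES, 'UTF-8');
		$email_attr  = htmlspecialchars($db_email, ENT_QUOTES, 'UTF-8');

		// NOTE(review): the email travels in a hidden field the client can edit.
		// password_reset.php is not visible here; it must re-check the code
		// against that email server-side before changing the password.
		echo "
      <div id=\"reset_container\">
        <div id=\"reset_form_title\"><h3>New Password</h3></div>
			<form id='reset_form' action = '$action_attr' method='POST'>
				<label>New password:</label>
				  <input type='password' name='newpass'><p></p>
				
				<label>Re-enter new password:</label>
				<input type='password' name='newpass1'><p></p>
				
				<input type='hidden' name='email' value='$email_attr'>
				<input style=\"float:right;\" type='submit' value='Update'><br>
			</form>
      </div>
    </div>
		";
	}
}
else
{
  echo "
  <div id=\"reset_container\">
  <div id=\"reset_form_title\"><h3>Password Reset</h3></div>
  <form id=\"reset_form\" action='password_forgot.php?' method='POST'>
    <label>Email Address:</label>
      <input type=\"text\" name=\"email\" style=\"float:right\"/><p></p>
      <input type=\"hidden\" name='sendflag' value=\"send\">
      <input type=\"submit\" name='submit' value=\"Reset\" style=\"float:right; margin-top:10px;\"/><p></p><br />
  </form>
  <div style=\"clear:both\"></div>
  <div id=\"reset_form_footer\"><a href=\"login.php\">Login</a> | <a href=\"create_account.php\">Create Account</a></div>
  </div>

  ";

	if($_SERVER['REQUEST_METHOD'] == "POST"){
		$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
		$db_email = null;

		$stmt = mysqli_prepare($dbc, "SELECT email FROM User WHERE email = ?");
		if($stmt){
			mysqli_stmt_bind_param($stmt, 's', $email);
			if(mysqli_stmt_execute($stmt)){
				mysqli_stmt_bind_result($stmt, $row_email);
				while(mysqli_stmt_fetch($stmt)){
					$db_email = $row_email;
				}
			}
			mysqli_stmt_close($stmt);
		}

		// NOTE(review): the three messages below tell the requester whether an
		// address is registered. A single neutral reply for every outcome would
		// close that account-enumeration channel; wording kept as-is here.
		if($db_email !== null){
			if($email === $db_email){
				// random_int() draws from the OS CSPRNG; rand() is predictable.
				// NOTE(review): the numeric range is unchanged so the value still
				// fits the passreset column, whose type is not visible here. The
				// code is short, has no expiry, and nothing on this page limits
				// guesses. A longer token stored hashed with a timestamp would
				// be stronger once the schema is confirmed.
				$code = (string)random_int(1000000, 100000000);

				// Store the code first, so a link is mailed only if it will work.
				$stored = false;
				$upd = mysqli_prepare($dbc, "UPDATE User SET passreset = ? WHERE email = ?");
				if($upd){
					mysqli_stmt_bind_param($upd, 'ss', $code, $db_email);
					$stored = mysqli_stmt_execute($upd);
					mysqli_stmt_close($upd);
				}

				if($stored){
					$to = $db_email;
					$subject = "Password Reset";
					// The address is URL-encoded so characters such as '+' or '&'
					// survive the round trip through the query string.
					// NOTE(review): the link is plain http, so the code crosses the
					// network unencrypted; switch to https if the host serves it.
					$link = 'http://grapevine.poba.co/password_forgot.php?code=' . $code . '&email=' . rawurlencode($db_email);
					$body = "Click the link below or paste it into your browser:\n\n"
					      . $link . "\n\n"
					      . "From Grapevine by team FLOW.";

					// NOTE(review): X-Mailer discloses the exact PHP version to
					// every recipient; consider dropping that header.
					$headers = 'From: grapevine@grapevine.poba.co' . "\r\n" .
					           'Reply-To: grapevine@grapevine.poba.co' . "\r\n" .
					           'X-Mailer: PHP/' . phpversion() . "\r\n" .
					           'Importance: High' . "\n";
					mail($to, $subject, $body, $headers);
					echo "<p style=\"text-align: center; color: green\">Please check your email.</p>";
				}else{
					// Previously a failed UPDATE still reported success and mailed a dead link.
					echo "<p style=\"text-align: center; color: red\">Could not start the password reset. Please try again.</p>";
				}
			}else{
				echo  "<p style=\"text-align: center; color: red\">Email is incorrect</p>";
			}
		}else{
			// Closing tag fixed: the original ended this <p> with </font>.
			echo "<p style=\"text-align: center; color: red\"> That username doesn't exist.</p>";
		}
	}
}
?>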
 		<?php include("includes/footer.php"); ?>
